More information is collected and shared about us as we go about our daily lives than ever before. It’s in the screens we watch, the websites and apps we use and the latest must-have toysand gadgets. And it’s not just about technology – information is captured by public services too. Our data footprints are getting bigger and bigger.
The report highlights how very young children are now using toys that are connected to the internet. These gather personal messages and information that may be insecure and open to attack from hackers, it says.
The report estimates that between the ages of 11 and 16, children post on social media 26 times a day, on average by the time they reach adulthood. They are likely to have posted 70,000 times. By the age of 13, a child’s parents will have posted on average 1,300 photos and videos of them to social media.
There is also the data gathered when children use the internet; tracking devices and apps used by parents to keep tabs on their offspring; the biometric data held by public bodies such as schools and the NHS
The report warns that there could be risks to young people where profiling of internet usage is utilised in areas of life where it can have deeper ramifications, such as the judicial system or the education system.
One worrying scenario it gives is if a health insurance company used information posted by a child on social media about their mental health as part of its decision on whether to issue a policy or how much to charge.
Key Findings:
- School databases contain lots of personal information in named records, including progress reports, exam results, details of any special educational needs and any absences or exclusions. 80% of schools in the UK use a system provided by one organisation, CAPITA SIMS, to log this data. Some information is also shared with the Department for Education and included in the National Pupil Database.
- Biometric data is data related to features of a person’s body, e.g. fingerprints. In 2012-13, four in ten secondary schools were collecting biometric data – it’s likely that even more collect it now. Some experts have expressed concerns that biometric data collected in schools could in theory be combined with biometric data from other sources to create a sophisticated data record.
- There are many apps which teachers can use to help their students learn and manage their behaviour. For example, ClassDojo allows teachers to award positive or negative Dojo points in response to good or bad behaviour. It has been used by more than 70% of schools in the UK. Data is shared with 31 other organisations, each of which have their own privacy policies too.
- Over half of the UK’s 11–12 year-olds with internet access have a profile on a social networking site. According to Barclays, three key pieces of information are required to steal someone’s identity: their name, date of birth, and address – all of which can be found on many children’s profiles. Children might also reveal personal information when taking part in social media campaigns, e.g. details of mental health conditions.
- On average, parents with children aged zero to 13 share 71 photos and 29 videos of their child every year to social media sites. More are shared on private messaging apps such as WhatsApp. Research by Barclays suggests that by 2030, information shared by parents online will lead to two-thirds of the identity theft committed against young people.
- When browsing the web and shopping online, people can reveal lots of details about themselves, including their age, gender, likes, dislikes, health conditions and more. Parents might also give away information about their children, e.g. when searching for products to buy for them.
- Among eight to 11 year olds, 39% have their own smartphone and 52% have a tablet. Children frequently use apps on these devices. Research into more than 400 Android apps found that three quarters contained trackers, which collect information such as the user’s behaviour on the app or their physical location – often without the user being aware.
- The average member of the public in England visits the GP five times per year. Children and older people have the highest consultation rates. Each time someone visits the GP their medical records are updated.
- All new parents are given a paper booklet called the Red Book (or Personal Child Health Record). In this they record any illnesses, accidents or medication their child receives. A new digital version of the Red Book is being developed and trialled. For the first time, health professionals will be able to see the Red Book without asking parents to show it to them.
- For years, supermarkets and high street shops have collected data about their customers through loyalty schemes. People signing up to these schemes may give out information about themselves or their family (including their children).
- Location tracking watches are aimed at children who aren’t old enough to have their own phone. They allow parents to track their children’s location and are sold as safety devices. Research by the Norwegian Consumer Council into four location tracking watches found that none of them allowed users to delete their accounts.
- Travel passes, such as Zip Oyster cards in London, are used by children to access free or discounted travel. A range of personal information is collected when signing up to or using these schemes, including personal details such as name, address and date of birth, as well as journey details.
Recommendations:
- There is increasing recognition within digital policy that children have particular needs and therefore warrant special consideration and protection. In keeping with this welcome development, the new Centre for Data Ethics and Innovation should undertake a programme of work specifically focused on children.
- CCO supports the Science and Technology Committee in their recommendation that the Centre for Data Ethics and Innovation and ICO review the operation of GDPR by May 2019. The rapid pace of technological change means that swift regulatory action may be needed in order to protect children from being disadvantaged by the way their data is used, especially with regard to profiling and automated (and semi-automated) decision-making.
- The Government should consider introducing an obligation on those using automated decision-making to be more transparent about the algorithms they use and the data fed into these algorithms, where data collected from under 18s is used.
- Companies producing apps, toys and other products aimed at children should be more transparent about any trackers capturing information about children. In particular where a toy collects any video or audio generated by a child this should be made explicit in a prominent part of the packaging or its accompanying information.
- Companies should state their terms and conditions using language children can understandexplaining clearly what data is collected and how it will be used.
- Schools should teach children about how their data is collected and used, and what they can do to take control of their data footprints. These lessons should cover information shared online but also information gathered in the home(e.g. through connected devices) and outside the home (including through public services).